This guide will guide you through unlocking and disabling BitLocker encryption on a disc from an offline media using a bootable CD-ROM.

Start the machine and hit “F12” to enter the boot menu

Note: Some manufacturer use other keys to enter the boot menu.

Choose an offline media, in this case “CD-ROM Drive” to boot from.

Note: Insert the media provided (CD-ROM).

Press any key to boot from the CD-ROM.

You will be presented with the following screen while loading the files on the CD-ROM.

When Windows is done loading the files you will be presented with the following screen.

Hit the “F8” key to enter a Command console like on the following picture:

To unlock the encrypted disc type the following command without quotes: “manage-bde -unlock d: -recoverypassword 054690-447628-511311-378994-103534-548851-245938-122687” where the 6 x 8 digits represent the recovery key provided from Service desk. The output should end up as showed below.

Note: If the machine is restarted, BitLocker will simply lock the drive again. The disc is only readable in the current session at this point. IMPORTANT: DO NOT REBOOT AT THIS TIME.

Last step is to disable the protection. This is a must to be able to boot the machine into Windows with a unlocked disc. Run the following command without qoutes to disable the protection: “manage-bde –protectors -disable d:”

Optional: The status of BitLocker can be viewed by typing the following command without quotes:

“manage-bde -status d:”.

This is how the final output should end up with both Protection: Off and Lock Status: Unlocked:

The disc is now unlocked and readable in Windows. Eject the media and reboot the machine.

Note: The following command without quotes will force the machine to reboot: “wpeutil reboot”.

Caution: BitLocker is turned off and all data is now readable in Windows. BitLocker will not automatically turn on the encryption once Windows is back on. This has to be done manually as a separate task in Windows.

6 Responses to KB: BitLocker guide, how to unlock manually using WinPE

Hi Zee. The Boot CD is created within Configuration Manager. You have to have the license and a environment of of Configuration Manager your self and create the bootable media. I will gladly help/guide you when you have the above🙂

Hi Svar .. Looks like you are using windows Boot CD I am not sure what you mean by configuration manager and liecense also where is the task wizard software come from..
if its at all possible can you email me the information on how to put all this together thanks.

Hi Zee
I’m using Microsoft Configuration Manager 2007 boot media which is created in a Configuration Manager 2007 environment. Setting up such environment is impossible to explain in a comment box and a normal implementation of such environment is estimated 1 week to set up.
Basically you could boot on any Windows 7 bootable device and do the same trick as in my guide. All you need is access to a command prompt to be able to execute the command. you migt even be able to boot on an original Windows 7 disk into Rescue mode and get the command prompt.
I hope it helped you.